lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Tue, Jul 27, 2010 at 3:15 PM, Dimitri DeFigueiredo
<dimitridobrasil@gmail.com> wrote:
> Hey Folks,
>
> I think Lua's small size give it a significant advantage over other
> languages when it comes to security. It is also (likely deceptively) easy to
> setup a sandbox to run untrusted code in Lua. In my mind, this makes Lua a
> very strong candidate for implementing server-side software. This is
> especially true when multiple users collaborate using their own automated
> scripts in the server as in massive multi-player online games or trading
> platforms.
>
> The only shortcoming I see is that Lua's VM (as described in
> http://luaforge.net/docman/view.php/83/98/ANoFrillsIntroToLua51VMInstructions.pdf)
> was not designed to run malicious code.
> For example, what happens when a "malicious" chunk specifies an invalid
> opcode? Does the VM halt or just ignore it?
>
> Therefore, when I want to sandbox code using Lua, I must trust not only the
> VM but also the "compiler" (lexer, parser,etc). There's a lot of extra C
> code outside the VM that also needs to be trusted.
>
> To be sure I can sandbox malicious code with Lua, I need to verify the
> platform. It is much easier to just verify the C code in the VM than in all
> of Lua. Is there a way to reduce the size of Lua's "trusted computing base"
> to the VM only? Is this at all in the roadmap? I understand that the
> internals of the Lua VM still change significantly at each release.
>
>
> Thanks!
>
>
> Dimitri
>

This is something I would be very interested in as well, as I'm
working on a server-side web application that will eventually use Lua
to run user-created plugins.

-- 
~Jonathan